Profiles
A profile in DigiCert® Private CA defines the certificate-issuance policy for a specific protocol and includes all parameters that the protocol itself can’t carry. For example:
Protocol and version (SCEP, EST, CMP, ACME)
The issuing CA and certificate template
Certificate validity period and renewal window
Allowed key types and signature algorithms
Authentication methods
Sugerencia
To create a profile or to see your existing profiles, select Profiles from the main menu in DigiCert Private CA.
Profile setup
To enable protocol-based enrollment, you first create a profile for the desired protocol.
At a high level, the process involves:
Defining the issuance settings, such as the protocol, CA, and certificate template.
Specifying how the client authenticates its first request and subsequent renewals.
Setting validity, renewal window, and any protocol-specific options (for example, encryption algorithm for SCEP responses).
Save the configuration to generate a unique URL.
The generated URL serves as the endpoint your devices and applications use to connect to your private CA.
How a profile works?
Copy the URL from the profile details and configure your client application or device to use it to connect with your private CA. The URLs have this structure:
EST → /.well-known/est/CA_<ProfileID>/simpleenroll
SCEP → /certificate-authority/api/v1/scep/<ProfileID>/cgi-bin/pkiclient.exe
CMP → /certificate-authority/api/v1/cmp/<ProfileID>
ACME → /certificate-authority/api/v1/acme/directory
The client uses this URL and its configured authentication method to:
Enroll for a new certificate
Renew an existing certificate
Revoke a certificate (CMP and ACME)